1. Field
Various features disclosed herein pertain generally to peer-to-peer overlay networks, and at least some features pertain to devices and methods for facilitating group access control to data objects in peer-to-peer overlay networks.
2. Background
Peer-to-peer (or p2p) and other similar overlay networks include a distributed application architecture that partitions tasks or workloads between peers. Such peer-to-peer overlay networks can be built on top of an underlying network, such as a network utilizing the Internet Protocol (IP).
Typically, peers are equally privileged, equipotent participants in the application, and are typically said to form a peer-to-peer network of nodes. The various peer nodes cooperate with each other both to provide services and to maintain the network. Peer nodes typically make a portion of their resources, such as processing power, disk storage or network bandwidth, directly available to other network participants, without the need for central coordination by servers or stable hosts. Generally speaking, the peer nodes are both suppliers and consumers of resources, in contrast to the traditional client-server model where only servers supply, and clients consume.
Peer-to-peer and similar overlay networks can be employed in many environments for low-cost scalability and easy deployment of applications. Typically, such networks are relatively open, allowing devices (i.e., nodes) to join and leave at will. In some implementations of such a network, a user's data can be stored in a distributed fashion on a remote node in the network, which might be known or unknown to the user. As a result, some users may not have full confidence in the overlay's data storage capability unless there are assurances that the user's data will not be accessed (e.g., read and/or modified) in an unauthorized fashion. The data owner may, therefore, be able to specify access controls defining who can access the stored data objects.
Conventionally, each data object stored in a peer-to-peer overlay network has a respective access control list indicating the access control policy for that particular data object. For example, the respective access control list may indicate which users or groups of users have a specified type of access to the data object. However, providing efficient group-based access control can be challenging in a peer-to-peer overlay network in which there may or may not be any central authority to enforce access control based on group membership. For example, without a central authority, it may be difficult to authenticate peer nodes as valid group members. Therefore, there is a need for systems, devices and/or methods for managing and authenticating group membership among peer nodes in a peer-to-peer overlay network.